
| Subject: | [CISSP-D] REVIEW: "Honeypots for Windows", Roger A. Grimes |
|---|---|
| Date: | Thu, 18 Aug 2005 10:38:36 -0800 |
BKHNPTWN.RVW 20050614

"Honeypots for Windows", Roger A. Grimes, 2005, 1-59059-335-9, U$39.99
%A Roger A. Grimes roger@banneretcs.com
%C 2560 Ninth Street, Suite 219, Berkeley, CA 94710
%D 2005
%G 1-59059-335-9
%I Apress
%O U$39.99 510-549-5930 fax 510-549-5939 info@apress.com
%O http://www.amazon.com/exec/obidos/ASIN/1590593359/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1590593359/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1590593359/robsladesin03-20
%O Audience i+ Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 392 p.
%T "Honeypots for Windows"

Now, we all know that honeypots can be fun: turning the tables on the blackhats, and watching what they are doing for once. We'll even acknowledge that the information honeypots provide can be useful, teaching us the types of approaches and activities that intruders are likely to undertake. But Grimes, in the introduction, stresses the position that honeypots are important security tools used for protection: that the extensive employment of honeypots will somehow "put an end" to script kiddies and the myriad attacks we see flying around the nets.

Part one is about general honeypot concepts. Chapter one is an introduction to honeypots, looking at different honeypots and some common attack types, and has an extremely terse mention of the fact that there are risks associated with using honeypots. Components and simple topologies for honeypots are listed in chapter two.

Part two moves specifically to Windows honeypots. Chapter two lists the ports that a Windows computer typically has open, and provides some (but not much) information on how the major ones work. A set of questions to ask yourself about how you want to operate and configure your honeypot are in chapter three, along with generic advice about hardening the computer if you use Windows as the native operating system. There is a table of services that you might want to turn off. There is also an inventory of programs you may wish to remove: it contains rather dated entries such as edlin.exe, but doesn't mention items such as tftp.exe. Chapters five to seven are concerned with the honeyd program and its Windows port, first in regard to description and installation, then configuration options, and finally service scripts. Other honeypot programs (Back Officer Friendly (BOF), LaBrea, SPECTER, KFSensor, Patriot Box, and Jackpot) are outlined in chapter eight, with the commercial entries getting the bulk of the space.

Part three deals with the operation of honeypots. Chapter nine has some basic traffic analysis information, mostly documentation for the use of the Ethereal packet sniffer and the Snort intrusion detection system. A number of tools for monitoring your system are listed in chapter ten. Even though the title is "Honeypot Data Analysis," most of chapter eleven records more monitoring tools. Grimes reprises some of his stuff from "Malicious Mobile Code" (cf. BKMLMBCD.RVW), and adds a catalogue of assembly tools, to talk about analysing such code in chapter twelve.

As a compilation of utilities, the book will probably be a handy reference for those who are interested in trying out a honeypot, or possibly just getting more information from their Windows computer. Network administrators who are seriously interested in actually running a honeypot or reviewing the data thus collected should probably look into "Know Your Enemy" (cf. BKKNYREN.RVW) or "Honeypots" (cf. BKHNYPOT.RVW), both by Spitzner.

copyright Robert M. Slade, 2005 BKHNPTWN.RVW 20050614

======================
(quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
The brain is a mass of cranial nerve tissue, most of it in mint condition. - Robert Half
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade